| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 2 Sep 2006 12:41:39 -0700 From: "David Schwartz" <davids@...master.com> To: "Linux-Kernel@...r. Kernel. Org" <linux-kernel@...r.kernel.org> Subject: RE: Possible gpl problem? > On Fri, 2006-09-01 at 22:54 -0700, David Schwartz wrote: > > So the purpose of the "any third party" requirement is to > > make sure that > > someone who receives a copy of the offer from a redistributor > > can acquire > > the source code. It's not so that someone who never received any > > distribution at all can acquire the source code. > I see. So your claim is that when it says "any third party" it doesn't > actually mean "any third party". No, it means any third party. That is, you cannot refuse to honor the agreement on the grounds that the person enforcing it is not someone with whom you have some previous arrangement or agreement. You cannot discriminate on the basis of who is trying to enforce the agreement. If I say "any third party may hire my services for $200/hr", that doesn't mean that I have to give my services away for free just because it says "any third party". It would be absurd to argue that if I don't give my services for free, then I'm re-interpreting "any third party" as "any third party willing to pay for my services". What is the point of the offer being written? What is the point of non-commerical distributors being required to provide a copy? Obviously it's so that those who receive the binary can enforce the offer. > > > It doesn't say "any third party who is in possession of a copy of the > > > binary and has a verbatim copy of the original written offer > > > of source". > > > It just says "any third party". > > > > What would be the point of accompanying it with the > > information regarding > > the offer if that information served no purpose whatsoever? How > > could you > > enforce an offer when you had no knowledge of who was making > > the offer and > > what its terms were? > That seems like both question and answer to me; I think you're confusing > yourself. How so? > The "information regarding the offer" is precisely that knowledge about > whom to contact to ask for the source. The point in accompanying > redistributed binaries with that information is so that the recipient of > the binaries knows how to obtain the source code. Right. > That works because "any third party" has a right to approach the > original distributor and ask for the sources. Assuming they know who the original distributor is. Assuming they know that the offer even exists. > Of course, that third party does need to _know_ that the source is there > for the asking -- that's why the GPL specifies that the information has > to be passed on to subsequent recipients of the binaries. But that > doesn't mean that the original distributor is only required to provide > source to those who've received binaries -- the GPL says "any third > party". You are confusing what I said. I did not say the distributor is only required to provide source to those who've recieved binaries. The distributor cannot say "prove you have the binaries or I will not ship you source". I am saying that this scheme only *guarantees* that those who receive binaries can get source. Just because an offer exists that is valid for any third party, it does not follow that any third party will in fact be capable of taking advantage of the offer (and thus become entitled to the thing complying with the terms of the offer gets them). This scheme does not in fact guarantee that any third party can get the source code. I'm sure there have been many distributions under this scheme wherein I have no way to get the source code because I do not even know the software exists, much less who to contact to get my copy. The mere existence of an offer does not entitle me to the thing offered. Only compliance with the terms of the offer entitles you to the thing offered. > It's entirely possible for a someone to be entitled to something without > actually being _aware_ of the fact. Your argument seems to be based on > the assumption that that is not possible, as well as a creative > misinterpretation of the fairly unambiguous phrase "any third party". By this argument, I am entitled to a Whopper because I can buy one. But of course you are not entitled to it. Just because there exists an offer by which you could get it, it does not follow that you are entitled to it. I am entitled to the source code if and only if I can and do exercise the offer. If I cannot or do not exercise the offer, I am not entitled to the source code. I may be required to pay for the source code. > You keep talking about enforcement, strangely -- as if a right cannot > exist without the direct ability to enforce it. Many people seem to > believe that the only people who can _enforce_ the GPL are those who > hold copyright in the original source; whose work was used by the party > who is now refusing to provide their modified sources. > By your logic, if a right cannot exist without the ability to enforce > it, the only people who are entitled to receive source are the original > copyright-holders -- not even the direct recipients of the binaries, > since they are not in a position to _enforce_ the GPL. > That just doesn't make any sense. By "enforce" I just mean exercise, that is, you are capable of complying with the terms. By your understanding, creating the written offer and including a copy of it serves no purpose whatsoever. The mere existence of the offer is sufficient in your view. DS -- VGER BF report: U 0.5 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists